Brocade Mobility 5181 Access Point Product Reference Guide (Supporting software release 4.4.0.0) User Manual


53-1002516-01

Configuring user authentication


EAP Type

Use the EAP Type checkboxes to enable the default EAP type(s) for
the Radius server. Options include:
PEAP - Select the PEAP checkbox to enable both PEAP types (GTC
and MSCHAP-V2) available to the access point. PEAP uses a TLS
layer on top of EAP as a carrier for other EAP modules. PEAP is an
ideal choice for networks using legacy EAP authentication
methods.
TTLS - Select the TTLS checkbox to enable all three TTLS types
(MD5, PAP and MSCHAP-V2) available to the access point. TTLS is
similar to EAP-TLS, but the client authentication portion of the
protocol is not performed until after a secure transport tunnel is
established. This allows EAP-TTLS to protect legacy authentication
methods used by some RADIUS servers.
TLS - The TLS checkbox is selected but disabled by default and
resides in the background, as it does not contain user-configurable
parameters.

Default Authentication Type

Specify a PEAP and/or TTLS Authentication Type for EAP to use
from the drop-down menu to the right of each checkbox item. PEAP
options include:
GTC - EAP Generic Token Card (GTC) is a challenge handshake
authentication protocol using a hardware token card to provide the
response string.
MSCHAP-V2 - Microsoft CHAP (MSCHAP-V2) is an encrypted
authentication method based on Microsoft's challenge/response
authentication protocol.
TTLS options include:
PAP - Password Authentication Protocol sends a username and
password over a network to a server that compares the username
and password to a table of authorized users. If the username and
password are matched in the table, server access is authorized.
WatchGuard products do not support the PAP protocol because
the username and password are sent as clear text that a hacker
can read.
MD5 - This option enables the MD5 algorithm for data verification.
MD5 takes as input a message of arbitrary length and produces a
128-bit fingerprint. The MD5 algorithm is intended for digital
signature applications, in which a large file must be compressed in
a secure manner before being encrypted with a private (secret) key
under a public-key cryptographic system.
MSCHAP-V2 - Microsoft CHAP (MSCHAP-V2) is an encrypted
authentication method based on Microsoft's challenge/response
authentication protocol.

Server Certificate

If you have a server certificate from a CA and wish to use it on the
Radius server, select it from the drop-down menu. Only certificates
imported to the access point are available in the menu.

CA Certificate

You can also choose an imported CA Certificate to use on the
Radius server. If using a server certificate signed by a CA, import
that CA's root certificate using the CA certificates screen. After a
valid CA certificate has been imported, it is available from the CA
Certificate drop-down menu.
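
The following is an added example, not part of the original guide or Brocade's software: a small audit of the settings on this screen, checking that each default authentication type is one the guide lists for its EAP type, that PAP is flagged, and that a CA-signed server certificate has a CA certificate selected. The dictionary keys and certificate names are assumptions made for illustration; the access point does not export its configuration in this form.

```python
# Added example, not Brocade code. The dict keys are assumed names that mirror
# the fields on this screen; they are not the access point's export format.
INNER_METHODS = {  # authentication types the guide lists per EAP type
    "PEAP": {"GTC", "MSCHAP-V2"},
    "TTLS": {"MD5", "PAP", "MSCHAP-V2"},
}

def audit_eap_settings(cfg):
    """Return (severity, message) findings for one EAP configuration."""
    findings = []
    enabled = set(cfg.get("eap_types", []))
    defaults = cfg.get("default_auth", {})
    for eap_type in sorted(enabled & set(INNER_METHODS)):
        inner = defaults.get(eap_type)
        if inner not in INNER_METHODS[eap_type]:
            findings.append(("error", f"{eap_type}: {inner!r} is not an "
                             f"authentication type listed for {eap_type}"))
        elif inner == "PAP":
            findings.append(("warn", "TTLS: PAP passes the password as clear "
                             "text inside the tunnel, so it is protected only "
                             "by the TLS layer and its server certificate"))
    for eap_type in sorted(set(defaults) - enabled):
        findings.append(("info", f"{eap_type}: default authentication type "
                         "is set but the EAP type is not enabled"))
    # A CA-signed server certificate needs that CA's root imported as well.
    if cfg.get("server_cert_ca_signed") and not cfg.get("ca_cert"):
        findings.append(("error", "server certificate is CA-signed but no "
                         "CA certificate is selected"))
    return findings

# Constructed sample configurations (certificate names are placeholders).
FLAGGED = {
    "eap_types": ["PEAP", "TTLS"],
    "default_auth": {"PEAP": "MSCHAP-V2", "TTLS": "PAP"},
    "server_cert": "radius-server-cert",
    "server_cert_ca_signed": True,
    "ca_cert": None,
}
CLEAN = dict(FLAGGED, ca_cert="corp-root-ca",
             default_auth={"PEAP": "MSCHAP-V2", "TTLS": "MSCHAP-V2"})

if __name__ == "__main__":
    for name, cfg in (("FLAGGED", FLAGGED), ("CLEAN", CLEAN)):
        print(name, audit_eap_settings(cfg) or "no findings")
```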
